Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.
January 30, 2013 UPDATE:

At the current time D-Link deploys firmware that has UPnP feature support on our devices. The UPnP features are enabled by software developer kits - Intel, Portable, and miniUPnP.

Recently, it has been discovered that the following UPnP versions may have a security vulnerability that could cause devices to become unstable, impair functionality, or disclose the services the devices offers (i.e. network camera feed):

All Versions of Intel SDK

Version of Portable SDK prior to V. 1.6.18

Version of MiniUPnP SDK prior to V. 1.1

Security and performance is of the utmost importance to D-Link across all product lines, including networking, surveillance, storage and entertainment solutions.

The company is currently assessing the recent findings surrounding UPnP technology and whether any D-Link products are susceptible to vulnerabilities. If any action is needed, D-Link will provide information online at www.dlink.com/upnp

We are currently updating our Vendor responses at US-CERT (US Computer Emergency Readiness Team) for the support CVEs (Common Vulnerabilities and Exposures).

We also discourage the use of industry-available tools available to the public because of the number of false-negatives and false-positives. This potential vulnerability is complex and requires deeper inspection and replacement of the recommend SDK stated in the CVEs.

The following is a current status of D-Link SKUs being assessed based on the recent security vulnerability:

Unaffected SKUs

Status

DIR-605L

No Action Required.

DCS-930L

DCS-932L

DCS-942L

DCS-1100

DCS-1130L

DCS-2102

DCS-2121L

DCS-2132L

DCS-5211L

DCS-5222L

Active
Affected SKUs

Status

DIR-626L

D-Link will release an updated firmware that will close this potential vulnerability.

We will provide the release schedule as it becomes available.

For users concerned about this vulnerability there is an immediate option to disable the UPnP feature in the device by following the steps noted below.

DIR-636L

DIR-826L

DIR-836L

DCS-2103

DCS-2130

DCS-2210

DCS-2230

DCS-3710B1

DCS-6510

DCS-6511

End of Life*
Affected SKUs

Status

DIR-100

We recommend users disable UPnP on the product by following the steps noted below.

*Products generally do not receive software updates after they are announced as End of Life and no longer under support and warranty periods.

DIR-120

DIR-524UP

DIR-524UPM

DIR-604+

DIR-604UP

DIR-604UPM

DIR-624S

WBR-1320

Customers that want to disable UPnP in the affected products can do so by following these steps:

Current Solution for Affected Products by Disabling UPnP

Step 1: In your web browser, open and log in to the device web configuration page - For routers the default URL is:

http://dlinkrouter.local or http://192.168.0.1

Step 2: Click on the Advanced tab at the top and then click on Advanced Network on the left-hand side.

Step 3: Under the UPnP Settings section, uncheck the disabled UPnP buttons to disable UPnP on the device

Step 4: Click Save Settings at the top to apply the settings.

*** Please note that disabling UPnP might adversely affect features and capabilities of the device and/or supporting applications or devices connecting to these products.